Security gateway download link URL as used by diagnostic tools should use public DNS name

mark_linders
Participant

When creating memory dumps of processes, the dumps are transferred to the Security Gateway. From the Dynatrace console you will receive the download links to the dumps. Unfortunately the download links that are presented are the internal AWS DNS names instead of the public ones, making the links unusable. Is it possible to configure public DNS names instead of the local ones?

4 REPLIES 4

silvia_moreno_u
Advisor

Hi. For future reference, when installing the security gateway there are command-line options and you can use them to specify such things. I'm trying to find the documentation on that.

Hi Silvia,

Thank you for the tip. I only found the following reference to command line options that do not include setting the published DNS record.

https://www.dynatrace.com/support/help/installation/security-gateway/how-do-i-configure-a-security-gateway/

From what I recall configuring the download links is something that is still being worked on. Until then, the feature will be unusable for us unfortunately. If you happen to find other information that gives me other options, please share and I will surely try it out.

Kind regards,
Mark

silvia_moreno_u
Advisor

One of my customers found out there is a command-line option called DNSENTRYPOINT.

I am going to see if we should add this to the documentation.

Regards,

Silvia

mark_linders
Participant

So I have been playing around with the dnsEntryPoint parameter. And it is finally working. It did need some AWS trickery to make this useful:

First add the following to /var/lib/dynatrace/gateway/config/custom.properties on the Dynatrace Security Gateway:

[connectivity]
dnsEntryPoint= https://sg.mydomainname.com:9999

From what I've seen, the agents now try to connect to this URL as well. Since we need the agents to connect to the local address of the Security Gateway, we added a new private zone in Route 53 called sg.mydomainname.com with a single A record to the local IP address (for example 10.10.0.100). The EC2 instances now resolved sg.mydomainname.com to the local address of the Security Gateway.

We created a heapdump of one of our processes and waited for the agent to copy the files to the Security Gateway. The download link returned is: sg.mydomainname.com:9999. We created a new A record in Route 53 to point to the public IP address of the Dynatrace Gateway and opened up port 9999 for our public IP address. We were now able to download the heapdumps from the security gateway.

Now the only question that remains is:
How long are the heapdumps kept on the application servers where the OneAgent is running? I do see dumps being accumulated on /opt/dynatrace/oneagent/log/memorydump, even when they have already been copied over to the security gateway.

Regards,
Mark
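
A check for the split-horizon layout described in the last post, added here as an example and not part of the original thread or of Dynatrace's tooling: it parses dnsEntryPoint from custom.properties, confirms the private zone answers with an RFC 1918 address and the public zone with a public one, and flags port 9999 if it is open to every source, since heap dumps contain process memory. The resolver answers and ingress rules are constructed sample data, and the function names are hypothetical.

```python
import configparser
import ipaddress
from urllib.parse import urlsplit

# Constructed sample input, modelled on the values quoted in the post.
SAMPLE_PROPERTIES = "[connectivity]\ndnsEntryPoint= https://sg.mydomainname.com:9999\n"
# Constructed resolver answers per vantage point (private zone vs. public zone).
SAMPLE_ANSWERS = {"internal": ["10.10.0.100"], "external": ["203.0.113.25"]}
# Constructed ingress rules for the gateway: (port, allowed source CIDR).
SAMPLE_INGRESS = [(9999, "10.10.0.0/16"), (9999, "198.51.100.7/32")]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_entry_point(properties_text):
    """Return (host, port) from the [connectivity] dnsEntryPoint setting."""
    cfg = configparser.ConfigParser()
    cfg.read_string(properties_text)
    url = urlsplit(cfg["connectivity"]["dnsEntryPoint"].strip())
    if url.scheme != "https" or not url.hostname or url.port is None:
        raise ValueError("dnsEntryPoint must look like https://host:port")
    return url.hostname, url.port


def is_rfc1918(ip):
    """True when the address lies in one of the RFC 1918 private ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def check_split_horizon(answers, ingress, port):
    """Return findings; an empty list means the layout matches the post."""
    findings = []
    for view, want_private in (("internal", True), ("external", False)):
        ips = answers.get(view, [])
        if not ips:
            findings.append(f"{view} view has no A record")
        for ip in ips:
            if is_rfc1918(ip) != want_private:
                kind = "private" if want_private else "public"
                findings.append(f"{view} view returns {ip}, expected a {kind} address")
    for rule_port, cidr in ingress:
        if rule_port == port and ipaddress.ip_network(cidr).prefixlen == 0:
            findings.append(f"port {port} is reachable from any source ({cidr})")
    return findings


if __name__ == "__main__":
    host, port = parse_entry_point(SAMPLE_PROPERTIES)
    print(host, port, check_split_horizon(SAMPLE_ANSWERS, SAMPLE_INGRESS, port))
```

To run it against a live setup, replace the sample answers with the addresses the host name resolves to from an EC2 instance and from outside the VPC, and the ingress list with the gateway's actual rules.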